For example:

command """%s abc %s,
        abs %s jfh %s etc...""" % (var1, var2, var3, var4)

I need to write that vars in multiline because there are a lot of them in code (for updating database).

Tested:

% (var1, var2,\
var3,var4)

not working. (Also tested without "," at the end of first line)

Error: Showing last ")" and:

SyntaxError: EOL while scanning string literal

PS. We got a good answer to this question, also problem was "%s"""" at the end, it should be: "%s" """ - yes, one blank space solves problem)))

Emin Mastizada
  • "I need to write that vars in multiline because there are a lot of them in code (for updating database)." **WARNING** - do __not__ build queries using string concatenation or formatting, instead use __prepared statements__. Building queries using string concatenation or string templating makes you susceptible to SQL injection when accepting user input. – Benjamin Gruenbaum Jan 30 '14 at 14:49
  • In continuation to @Benjamin Gruenbaum comment one more thing is that table names cannot be parameterized in SQL, that can cause a very annoying error. – Kobi K Jan 30 '14 at 14:51
  • What do you mean not working? Errors (provide traceback)? Unexpected outputs (provide inputs, expected outputs, actual outputs)? You have a missing `=`, could that be it? Also, parentheses give implicit line continuation in Python, you don't need \. – jonrsharpe Jan 30 '14 at 14:52
  • @BenjaminGruenbaum http://stackoverflow.com/questions/1947750/does-python-support-mysql-prepared-statements – Emin Mastizada Jan 30 '14 at 14:52
  • @EminMastizada that's through `cursor.execute` - note that even if _you_ are not doing anything wrong in your SQL queries - a lot of people read questions on this site and I want _them_ to be aware of the issues this might cause too. – Benjamin Gruenbaum Jan 30 '14 at 14:54
  • Just remove "\" and have a try, I think it should work. – Jerry_Y Jan 30 '14 at 14:55
  • @user3239580 already tested: SyntaxError: EOL while scanning string literal – Emin Mastizada Jan 30 '14 at 14:57
  • It appears your string literal is broken. Do you have the right number and type of quotation marks on each side? Are you sure you didn't accidentally put in curly quotes? – user2357112 Jan 30 '14 at 14:57
  • @EminMastizada but at least MySQLdb escapes the input for you. – Brave Sir Robin Jan 30 '14 at 14:59
  • @rmartinjak its just getting some variables for me and saves in my database for feature usage. Before sending I'm deleting most symbols from variables. Also strings like "" is not be problem for mysql – Emin Mastizada Jan 30 '14 at 15:01
  • There's also http://pythonhosted.org/oursql/ which provides real parametrization. – Brave Sir Robin Jan 30 '14 at 15:48

1 Answer

Ignoring the valid SQL concerns, a better way to handle a multiline string problem is with str.format. This way you can store all your "data" in a dictionary and format at the very end. This will avoid (var1, var2, ..., varN). For example:

data = {'name':'Hooked',
        'site':'Stack Overflow',
        'adj' :'awesome'}

s = "{name} thinks {site} is {adj}!"

print(s.format(**data))

#>> Hooked thinks Stack Overflow is awesome!
Hooked
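
The comments above recommend passing values through `cursor.execute` instead of formatting them into the SQL text, and point out that table names cannot be parameterized. The following is an added example, not code from the question or the answer: it keeps the multi-line statement and the dictionary of values, binds the values as named parameters, and checks the table name against an allowlist. It assumes Python's built-in `sqlite3` as an offline stand-in for the MySQL driver; the table, columns and input values are constructed for illustration.

```python
import sqlite3

# Hypothetical table name, constructed for this example.
ALLOWED_TABLES = {"profiles"}

# Multi-line statement: values are named placeholders, not %s substitutions.
UPDATE_SQL = """
    UPDATE {table}
       SET site = :site,
           adj  = :adj
     WHERE name = :name
"""

def update_row(conn, table, data):
    """Run the multi-line UPDATE with values bound by the driver."""
    # Identifiers cannot be bound as parameters, so vet them against an allowlist.
    if table not in ALLOWED_TABLES:
        raise ValueError("unexpected table name: %r" % (table,))
    sql = UPDATE_SQL.format(table=table)  # only the vetted identifier is formatted in
    cur = conn.execute(sql, data)         # values travel separately from the SQL text
    conn.commit()
    return cur.rowcount

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE profiles (name TEXT PRIMARY KEY, site TEXT, adj TEXT)")
    conn.execute("INSERT INTO profiles VALUES ('Hooked', 'old', 'old')")
    conn.execute("INSERT INTO profiles VALUES ('Other', 'keep', 'keep')")
    # Constructed input: quotes and SQL-looking text that would corrupt a formatted query.
    data = {"name": "Hooked", "site": 'Stack "Overflow"', "adj": "x' OR '1'='1"}
    changed = update_row(conn, "profiles", data)
    rows = conn.execute("SELECT name, site, adj FROM profiles ORDER BY name").fetchall()
    try:
        update_row(conn, "profiles; --", data)
        rejected = False
    except ValueError:
        rejected = True
    return changed, rows, rejected

if __name__ == "__main__":
    print(demo())
```

With a MySQL driver the placeholder syntax differs (`%s`-style markers passed as the second argument to `cursor.execute`), but the separation of statement text and values is the same.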